02 Nov / 2022
CVE: CVE-2022-3602 and CVE-2022-3786
What Is Vulnerable?: OpenSSL versions 3.0.0 or later. It is worth noting that SSL v3.0.0 was released in September 2021.
October 26th, the OpenSSL project team announced a critical vulnerability that was found in their widely used TLS and SSL software library. An additional statement from the OpenSSL team on the 1st of November downgraded the vulnerability from critical to high, citing that testing feedback provided by security firms. Estimates from shodan.io, indicate that 16,000 of all websites using OpenSSL are currently using version 3.0.x or later. Currently, there is no known exploitation of these vulnerabilities in the wild. OpenSSL prior to v3.0.x are not vulnerable as the exploit is due to a decoding functionality which was introduced in v3.0.x.
Cyber Insurance And Penetration Testing: How Australian Businesses Can Mitigate Cyber Risk
Cyber Insurance And Penetration Testing: How Australian Businesses Can Mitigate Cyber RiskIn the early 2000s, cyber insurance was a relatively n…Read More
Does Your Business Meet Australian Security Legislation? A Checklist for Board Members and Executive
Everything you need to maintain a compliant security strategy.The Australian Institute of Company Directors has stated an increased focus on cyb…Read More
Redefining Cybersecurity for Australian Law Firms: The Promise of SASE Architecture
Redefining Cybersecurity for Australian Law Firms: The Promise of SASE Architecture The Australian legal sector's increasing adoption of digita…Read More